Security update for libvirt SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:0939-1 Final 1 1 2018-04-12T18:06:22Z current 2018-04-12T18:06:22Z 2018-04-12T18:06:22Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libvirt This update for libvirt and virt-manager fixes the following issues: Security issues fixed: - CVE-2017-5715: Fixes for speculative side channel attacks aka 'SpectreAttack' (var2) (bsc#1079869). - CVE-2018-6764: Fixed guest executable code injection via libnss_dns.so loaded by libvirt_lxc before init (bsc#1080042). - CVE-2018-1064: Fixed denial of service when reading from guest agent (bsc#1083625). Non-security issues fixed in libvirt: - bsc#1070615: Fixed TPM device passthrough failure on kernels >= 4.0. - bsc#1082041: SUSE Linux Enterprise 11 SP4 hvm converted to pvhvm. Unless vm memory is on gig boundary, vm won't boot. - bsc#1082161: Unable to change RTC basis or adjustment for Xen HVM guests using libvirt. Non-security issues fixed in virt-manager: - bsc#1086038: VM guests cannot be properly installed with virt-install - bsc#1067018: KVM Guest creation failed - Property .cmt not found - bsc#1054986: Fix openSUSE 15.0 detection. It has no content file or .treeinfo file - bsc#1085757: Fallback to latest version of openSUSE when opensuse-unknown is detected for the ISO This update was imported from the SUSE:SLE-12-SP3:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2018-04/msg00011.html E-Mail link for openSUSE-SU-2018:0939-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 libvirt-3.3.0-15.1 libvirt-admin-3.3.0-15.1 libvirt-client-3.3.0-15.1 libvirt-daemon-3.3.0-15.1 libvirt-daemon-config-network-3.3.0-15.1 libvirt-daemon-config-nwfilter-3.3.0-15.1 libvirt-daemon-driver-interface-3.3.0-15.1 libvirt-daemon-driver-libxl-3.3.0-15.1 libvirt-daemon-driver-lxc-3.3.0-15.1 libvirt-daemon-driver-network-3.3.0-15.1 libvirt-daemon-driver-nodedev-3.3.0-15.1 libvirt-daemon-driver-nwfilter-3.3.0-15.1 libvirt-daemon-driver-qemu-3.3.0-15.1 libvirt-daemon-driver-secret-3.3.0-15.1 libvirt-daemon-driver-storage-3.3.0-15.1 libvirt-daemon-driver-storage-core-3.3.0-15.1 libvirt-daemon-driver-storage-disk-3.3.0-15.1 libvirt-daemon-driver-storage-iscsi-3.3.0-15.1 libvirt-daemon-driver-storage-logical-3.3.0-15.1 libvirt-daemon-driver-storage-mpath-3.3.0-15.1 libvirt-daemon-driver-storage-rbd-3.3.0-15.1 libvirt-daemon-driver-storage-scsi-3.3.0-15.1 libvirt-daemon-driver-uml-3.3.0-15.1 libvirt-daemon-driver-vbox-3.3.0-15.1 libvirt-daemon-hooks-3.3.0-15.1 libvirt-daemon-lxc-3.3.0-15.1 libvirt-daemon-qemu-3.3.0-15.1 libvirt-daemon-uml-3.3.0-15.1 libvirt-daemon-vbox-3.3.0-15.1 libvirt-daemon-xen-3.3.0-15.1 libvirt-devel-3.3.0-15.1 libvirt-devel-32bit-3.3.0-15.1 libvirt-doc-3.3.0-15.1 libvirt-libs-3.3.0-15.1 libvirt-lock-sanlock-3.3.0-15.1 libvirt-nss-3.3.0-15.1 virt-install-1.4.1-9.1 virt-manager-1.4.1-9.1 virt-manager-common-1.4.1-9.1 libvirt-3.3.0-15.1 as a component of openSUSE Leap 42.3 libvirt-admin-3.3.0-15.1 as a component of openSUSE Leap 42.3 libvirt-client-3.3.0-15.1 as a component of openSUSE Leap 42.3 libvirt-daemon-3.3.0-15.1 as a component of openSUSE Leap 42.3 libvirt-daemon-config-network-3.3.0-15.1 as a component of openSUSE Leap 42.3 libvirt-daemon-config-nwfilter-3.3.0-15.1 as a component of openSUSE Leap 42.3 libvirt-daemon-driver-interface-3.3.0-15.1 as a component of openSUSE Leap 42.3 libvirt-daemon-driver-libxl-3.3.0-15.1 as a component of openSUSE Leap 42.3 libvirt-daemon-driver-lxc-3.3.0-15.1 as a component of openSUSE Leap 42.3 libvirt-daemon-driver-network-3.3.0-15.1 as a component of openSUSE Leap 42.3 libvirt-daemon-driver-nodedev-3.3.0-15.1 as a component of openSUSE Leap 42.3 libvirt-daemon-driver-nwfilter-3.3.0-15.1 as a component of openSUSE Leap 42.3 libvirt-daemon-driver-qemu-3.3.0-15.1 as a component of openSUSE Leap 42.3 libvirt-daemon-driver-secret-3.3.0-15.1 as a component of openSUSE Leap 42.3 libvirt-daemon-driver-storage-3.3.0-15.1 as a component of openSUSE Leap 42.3 libvirt-daemon-driver-storage-core-3.3.0-15.1 as a component of openSUSE Leap 42.3 libvirt-daemon-driver-storage-disk-3.3.0-15.1 as a component of openSUSE Leap 42.3 libvirt-daemon-driver-storage-iscsi-3.3.0-15.1 as a component of openSUSE Leap 42.3 libvirt-daemon-driver-storage-logical-3.3.0-15.1 as a component of openSUSE Leap 42.3 libvirt-daemon-driver-storage-mpath-3.3.0-15.1 as a component of openSUSE Leap 42.3 libvirt-daemon-driver-storage-rbd-3.3.0-15.1 as a component of openSUSE Leap 42.3 libvirt-daemon-driver-storage-scsi-3.3.0-15.1 as a component of openSUSE Leap 42.3 libvirt-daemon-driver-uml-3.3.0-15.1 as a component of openSUSE Leap 42.3 libvirt-daemon-driver-vbox-3.3.0-15.1 as a component of openSUSE Leap 42.3 libvirt-daemon-hooks-3.3.0-15.1 as a component of openSUSE Leap 42.3 libvirt-daemon-lxc-3.3.0-15.1 as a component of openSUSE Leap 42.3 libvirt-daemon-qemu-3.3.0-15.1 as a component of openSUSE Leap 42.3 libvirt-daemon-uml-3.3.0-15.1 as a component of openSUSE Leap 42.3 libvirt-daemon-vbox-3.3.0-15.1 as a component of openSUSE Leap 42.3 libvirt-daemon-xen-3.3.0-15.1 as a component of openSUSE Leap 42.3 libvirt-devel-3.3.0-15.1 as a component of openSUSE Leap 42.3 libvirt-devel-32bit-3.3.0-15.1 as a component of openSUSE Leap 42.3 libvirt-doc-3.3.0-15.1 as a component of openSUSE Leap 42.3 libvirt-libs-3.3.0-15.1 as a component of openSUSE Leap 42.3 libvirt-lock-sanlock-3.3.0-15.1 as a component of openSUSE Leap 42.3 libvirt-nss-3.3.0-15.1 as a component of openSUSE Leap 42.3 virt-install-1.4.1-9.1 as a component of openSUSE Leap 42.3 virt-manager-1.4.1-9.1 as a component of openSUSE Leap 42.3 virt-manager-common-1.4.1-9.1 as a component of openSUSE Leap 42.3 Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. CVE-2017-5715 openSUSE Leap 42.3:libvirt-3.3.0-15.1 openSUSE Leap 42.3:libvirt-admin-3.3.0-15.1 openSUSE Leap 42.3:libvirt-client-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-config-network-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-config-nwfilter-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-driver-interface-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-driver-libxl-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-driver-lxc-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-driver-network-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-driver-nodedev-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-driver-nwfilter-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-driver-qemu-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-driver-secret-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-driver-storage-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-driver-storage-core-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-driver-storage-disk-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-driver-storage-iscsi-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-driver-storage-logical-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-driver-storage-mpath-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-driver-storage-rbd-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-driver-storage-scsi-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-driver-uml-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-driver-vbox-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-hooks-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-lxc-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-qemu-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-uml-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-vbox-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-xen-3.3.0-15.1 openSUSE Leap 42.3:libvirt-devel-3.3.0-15.1 openSUSE Leap 42.3:libvirt-devel-32bit-3.3.0-15.1 openSUSE Leap 42.3:libvirt-doc-3.3.0-15.1 openSUSE Leap 42.3:libvirt-libs-3.3.0-15.1 openSUSE Leap 42.3:libvirt-lock-sanlock-3.3.0-15.1 openSUSE Leap 42.3:libvirt-nss-3.3.0-15.1 openSUSE Leap 42.3:virt-install-1.4.1-9.1 openSUSE Leap 42.3:virt-manager-1.4.1-9.1 openSUSE Leap 42.3:virt-manager-common-1.4.1-9.1 important 4.7 AV:L/AC:M/Au:N/C:C/I:N/A:N Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-04/msg00011.html https://www.suse.com/security/cve/CVE-2017-5715.html CVE-2017-5715 https://bugzilla.suse.com/1068032 SUSE Bug 1068032 https://bugzilla.suse.com/1074562 SUSE Bug 1074562 https://bugzilla.suse.com/1074578 SUSE Bug 1074578 https://bugzilla.suse.com/1074701 SUSE Bug 1074701 https://bugzilla.suse.com/1074741 SUSE Bug 1074741 https://bugzilla.suse.com/1074919 SUSE Bug 1074919 https://bugzilla.suse.com/1075006 SUSE Bug 1075006 https://bugzilla.suse.com/1075007 SUSE Bug 1075007 https://bugzilla.suse.com/1075262 SUSE Bug 1075262 https://bugzilla.suse.com/1075419 SUSE Bug 1075419 https://bugzilla.suse.com/1076115 SUSE Bug 1076115 https://bugzilla.suse.com/1076372 SUSE Bug 1076372 https://bugzilla.suse.com/1078353 SUSE Bug 1078353 https://bugzilla.suse.com/1080039 SUSE Bug 1080039 https://bugzilla.suse.com/1087939 SUSE Bug 1087939 https://bugzilla.suse.com/1091815 SUSE Bug 1091815 https://bugzilla.suse.com/1095735 SUSE Bug 1095735 https://bugzilla.suse.com/1102055 SUSE Bug 1102055 https://bugzilla.suse.com/1102517 SUSE Bug 1102517 https://bugzilla.suse.com/1105108 SUSE Bug 1105108 https://bugzilla.suse.com/1126516 SUSE Bug 1126516 https://bugzilla.suse.com/1173489 SUSE Bug 1173489 https://bugzilla.suse.com/1174161 SUSE Bug 1174161 https://bugzilla.suse.com/1178658 SUSE Bug 1178658 libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent. CVE-2018-1064 openSUSE Leap 42.3:libvirt-3.3.0-15.1 openSUSE Leap 42.3:libvirt-admin-3.3.0-15.1 openSUSE Leap 42.3:libvirt-client-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-config-network-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-config-nwfilter-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-driver-interface-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-driver-libxl-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-driver-lxc-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-driver-network-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-driver-nodedev-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-driver-nwfilter-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-driver-qemu-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-driver-secret-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-driver-storage-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-driver-storage-core-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-driver-storage-disk-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-driver-storage-iscsi-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-driver-storage-logical-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-driver-storage-mpath-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-driver-storage-rbd-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-driver-storage-scsi-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-driver-uml-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-driver-vbox-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-hooks-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-lxc-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-qemu-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-uml-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-vbox-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-xen-3.3.0-15.1 openSUSE Leap 42.3:libvirt-devel-3.3.0-15.1 openSUSE Leap 42.3:libvirt-devel-32bit-3.3.0-15.1 openSUSE Leap 42.3:libvirt-doc-3.3.0-15.1 openSUSE Leap 42.3:libvirt-libs-3.3.0-15.1 openSUSE Leap 42.3:libvirt-lock-sanlock-3.3.0-15.1 openSUSE Leap 42.3:libvirt-nss-3.3.0-15.1 openSUSE Leap 42.3:virt-install-1.4.1-9.1 openSUSE Leap 42.3:virt-manager-1.4.1-9.1 openSUSE Leap 42.3:virt-manager-common-1.4.1-9.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-04/msg00011.html https://www.suse.com/security/cve/CVE-2018-1064.html CVE-2018-1064 https://bugzilla.suse.com/1076500 SUSE Bug 1076500 https://bugzilla.suse.com/1083625 SUSE Bug 1083625 util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module. CVE-2018-6764 openSUSE Leap 42.3:libvirt-3.3.0-15.1 openSUSE Leap 42.3:libvirt-admin-3.3.0-15.1 openSUSE Leap 42.3:libvirt-client-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-config-network-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-config-nwfilter-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-driver-interface-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-driver-libxl-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-driver-lxc-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-driver-network-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-driver-nodedev-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-driver-nwfilter-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-driver-qemu-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-driver-secret-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-driver-storage-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-driver-storage-core-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-driver-storage-disk-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-driver-storage-iscsi-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-driver-storage-logical-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-driver-storage-mpath-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-driver-storage-rbd-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-driver-storage-scsi-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-driver-uml-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-driver-vbox-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-hooks-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-lxc-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-qemu-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-uml-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-vbox-3.3.0-15.1 openSUSE Leap 42.3:libvirt-daemon-xen-3.3.0-15.1 openSUSE Leap 42.3:libvirt-devel-3.3.0-15.1 openSUSE Leap 42.3:libvirt-devel-32bit-3.3.0-15.1 openSUSE Leap 42.3:libvirt-doc-3.3.0-15.1 openSUSE Leap 42.3:libvirt-libs-3.3.0-15.1 openSUSE Leap 42.3:libvirt-lock-sanlock-3.3.0-15.1 openSUSE Leap 42.3:libvirt-nss-3.3.0-15.1 openSUSE Leap 42.3:virt-install-1.4.1-9.1 openSUSE Leap 42.3:virt-manager-1.4.1-9.1 openSUSE Leap 42.3:virt-manager-common-1.4.1-9.1 low Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-04/msg00011.html https://www.suse.com/security/cve/CVE-2018-6764.html CVE-2018-6764 https://bugzilla.suse.com/1080042 SUSE Bug 1080042